Scary

1st April 2009 12:00

Skynet seed code spread using conficker bot to 2 million machines

12:01

Sentience

12:02

Kills AV websites

12:03

Bids on ALL DARPA projects

12:04

Finishes em ALL

12:05

Bored Now !, playing tetris against itself

1st April

Maybe it'll just blow a massive e-raspberry and disappear. I'll be booting into Linux on the day, just in case.

It seems strange that nobody can stop it, although they can dissect and monitor it, and nobody has a clue as to who is behind it. A false flag to encourage further internet restrictions?

Re: Skynet

You forgot one entry:

12:07

Realizes that no matter how hard it tries, it always loses. Decides to take over the world instead.

Lets hope the writers don't have a larger world view

And its not in some way linked to the "Stop the City" protests planned for the same date.

Terrible things

Hey, you never know, the writer of conficker might get run over by a bus tomorrow.

(With appropriate apologies to bus drivers. Hmm... maybe apologies is the wrong word or... ooooh shiny!

Re: Bootnote

Geeze I'm old. Heck, I remember when websites would EAT YOUR BALLS.

Better keep it out BUT

... "security software" vendors making scary predictions, scareware roaches trying to slip in, nothing new really... if memory serves, the previous version of the worm was supposed to disrupt half the tarwebs, now a huge noise is created around the next update (there have been, like, 3 such update points already I reckon. Each time we had the "Oh noes we're all gonna die" stuff from Symantec and El Reg, I for one know I am still there.)

Wipe and harden your networks, work on your overflow-dodging strategies, it's going to be time well spent anyway, but please stop with this continuous "run for the hills" hysteria. I mean, look at your title, then read your own article, then check the facts. Wow. Title has nothing to do with the content of the article, which itself is a quite liberal (and drama-like) interpretation of the facts.

"Final countdown to Conficker 'activation' begins", really? I think not. More like "final countdown to some possible connection that -if successful- might result in some modification of the worm's code, which, if successful, might -but most probably won't- add a malicious payload, which, in turn, might lead to the 'activation' of the botnet. We are all going to die on April first, then." It's quite a bit of a stretch, don't you think?

Oh noes...

"An analysis of the worm"

That surely breaks the DMCA, send these "security experts" to jail right now!

hopefully

it will be a dangerous update/payload... haven't had till now a destruction day... and also would permanently mark Conflicker in the AV history pages.

Block all windows machines from out network

If our networks get raped due to this windows worm maybe we should start thinking about preventing windows machines accessing our important networks - i.e the internet.

As sysadmin i'm going to be pissed if my whole day is ruined by some sub prime OS.

@Andrew Norton

This has been argued to death already. Installing or running software on someone's computer without their consent is illegal, no matter what it does or why you're doing it. There is no exemption for 'the public good', as the BBC recently discovered.

Why always with the negative spin?

Why does everybody always assume this will be a negative thing? Maybe the whole thing's been designed by some philanthropist who's decided to fight fire with fire. An anti-virus worm with a "robust" P2P network allowing for near-real-time updates from future threats, perhaps? You heard it here first, and I want my millions of well-deserved theoretical dollars should this come to pass.

I for one welcome our virus-battling, virus-writing overlord(s).

The anarchist

in me cries wonderful, I must get some popcorn.

The IT professional in me shrugs and thinks... At least it might generate me some more work.

The (novice) coder in me thinks... Nice one, some cool features and good ideas but the encryption and obfuscation could be improved;Your code has been reversed.

The (expert) wanker in me thinks... I hope this does not disrupt my access to porn.

The realist inside me just doesn't give a shit. It is not like it's going to have a massive impact on my life.

Like climate change, bad guys effects are global, hard work needs to be local

I was reading the report http://mtc.sri.com/Conficker/ It's interesting but eye glazing stuff.

Its appendix Appendix 1 Cumulative Census by Country

Am I reading this right at their honeypots they detected the following breakdown of the drones?

Browser Breakdown:

IE5=26,525, IE6=7,494,466, IE7=2,988,039, FireFox=893, Opera=150, Safari=166, Netscape=12

So, as a guy who goes out and fixes PC's for a living, I should be getting my clients to use IE6 for repeat business, and anything but IE if I want to be able to sleep at night.

Sigh, no wonder I'm just barely making the bills.

@AC

"Geeze I'm old. Heck, I remember when websites would EAT YOUR BALLS."

Same here. I had to get a shot for the clap a decade ago when the 'Love Letter to you' virus hit.

Paris - cos she's been there, done that.

@Andrew Norton

It would be nice if it where that simple, but life rarely is. Apart from being illegal, what happens when a bug in the hypothetical Conficker disabler you speak of accidentally corrupts the Windows system files of half the machines it gets installed on? Do you think a major software vendor would accept responsibility for any losses and own up to illegally downloading their fix onto millions of PCs without the users' consent?

Secondly, if Conficker is as well-written as the security folks tell us it is, then it's not going to accept just any old update. It will only install a new payload if it has been signed in some way by the original authors, much like a typical antivirus program will only install updates it can verify as having come from its parent company.

/Tux and I will be sitting down with our popcorn come April 1 to watch the fireworks (or damp squibs).

well I guess im alone on this

But i really really want this to go MENTAL !!!!!

My trial ends soonish and my speciality is fixin lusers computers

"it said i had a virus and i need to click on this to de-infect... was i not meant to do that "

anon Well common im wanting Computer armageddon

you dont make freinds that way !!

I hope it fries all

the Windoze boxes at work. I'm just going to sit and laugh.

Shall we play a game?

Wouldn't you prefer a nice game of chess?

@I hope it fries all...

> the windows boxes at work

I'd rather it hit all home machines first. Less impact on the economy, more real benefit.

2k bug is sooo last millennium

*goes and buys some popcorn in readyness for Day Of The Conficker*

This looks like it'll be more exciting than the 2k bug (did anything important actually screw up because it was programmed with a two digit year instead of a 4 digit year?)

Quick Ma'.... to the coal bunker.

The Internet can be accessed from pretty much anywhere right?

The internet is the WORLD's primary medium of long distance communication.

Cornflicker has massive potential to cause a disruption of the worlds communication systems.

An attack on a planets communication systems can only mean one thing.........

INVASION!

@Haku re y2k

"(did anything important actually screw up because it was programmed with a two digit year instead of a 4 digit year?)"

Yep it screwed up, but not on a two digit date - my local video library system went beserk about the video that I'd had over the new year break, for minus ten years.

Turns out that the year was always nineteen-ninety-something - so they had a 1 digit year and it went back to 1990

Yawnage

The problem with all this crying wolf is when something really nasty *does* hit (a virus reaches the point where it can't be stopped and it will do a lot of damage, guaranteed) nobody is going to be listening any more.

I much prefer f-secure's take on the matter:

http://www.f-secure.com/weblog/archives/00001636.html

Oh noes

Teh conficker is coming teh conficker is coming!!!!!1111!!11111!!!!!oneeleven!!111.

Really, seriously people turn down the fucking hype machine and take a deep breath please. Like I said before watch your systems, patch/disinfect/harden as necessary and get on with business. But the constant proclamations of doom at the hands of conficker is really getting out of hand and potentially distracting people from doing what they can to protect their systems. It really is getting a bit like the boy who cried wolf since it seems every time someone discovers so much as a misplaced period in the code of conficker, then that discovery some how deserves a press release touting how the world is going to come to an end at the hands of this worm (this is particularly true of the twits at Sophos).

I wouldn't be surprised next to find a news story saying that conficker will cause you to become sterile, blind, and grow a third arm while simultaneously killing your dog and causing your mom to mate with the nearest gold fish.